Skip to content

codedx/codedx-github-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Repository files navigation

GitHub Action for SRM

This GitHub action can be used to push source code, binaries, and scan results to an SRM instance from within a GitHub workflow; source and binaries are automatically scanned by SRM using its built-in analysis tools.

Features and Behavior

Comma-separated globs are used to select source/binary files and scan-result files.

The Action can optionally wait for analysis completion, writing the final status of the analysis to logs.

The workflow will be set to fail if:

  • The source/binaries glob(s) fail to match any files
  • There are any errors when contacting your SRM server
  • The analysis ends in failure

Requirements

  • A deployed, licensed instance of SRM (any license)
  • Access from GitHub to SRM via HTTP, or via HTTPS with a recognizable certificate (use the ca-cert param if not using a public CA)
  • A Project in SRM to store results
  • An API Key or Personal Access Token with "Create" permissions for the Project

Action Inputs

Input Name Description Default Value Required
server-url The URL for the SRM server (typically ends with /srm) Yes
api-key An API Key or Personal Access Token to use when connecting to SRM Yes
project-id The ID of a project (an integer) created in SRM undefined Yes[1]
project-name The name of a project created in SRM undefined Yes[1]
auto-create-project Whether SRM should automatically create a project with the given project-name if it does not yet exist. false No[2]
base-branch-name The parent branch name of a project created in SRM undefined No[2][3]
target-branch-name The target branch name of a project created in SRM.
SRM automatically creates the branch if it does not exist yet in the project, and the new branch will be created from base-branch-name		 undefined No[2]
source-and-binaries-glob A comma-separated-list of file globs matching source and binary files to be packaged and sent to SRM undefined No
tool-outputs-glob A comma-separated list of file globs matching tool output/scan result files undefined No
wait-for-completion Whether to wait for the analysis to complete before exiting false No
ca-cert A custom CA cert to use for HTTPS connections to SRM undefined No
dry-run Whether to submit an analysis (false/undefined) or only test the connection and credentials (true) undefined No

Notes

  1. Either project-id or project-name is required. An error will be thrown if neither is specified or both are specified.
  2. If auto-create-project is set to true, SRM will automatically create the project if it does not yet exist. The base-branch-name will be used as the default branch, and target-branch-name will be used as the analysis branch. If neither is specified, it will simply use the default branch. If only one of the branches is specified, it will throw error during project creation.
  3. base-branch-name is required if target-branch-name is specified and doesn't exist yet in the project.

Sample Workflow

on: [push]

jobs:
  codedx-analyze:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - name: SRM Upload
        uses: 'codedx/codedx-github-action@v1.3.0'
        with:
          server-url: ${{ secrets.CDX_SERVER_URL }}
          api-key: ${{ secrets.CDX_API_KEY }}
          project-id: ${{ secrets.CDX_PROJECT_ID }}
          source-and-binaries-glob: './**'
          wait-for-completion: false

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

6 watching

Forks

3 forks
Report repository

Releases 14

v1.3.0 Latest
Oct 18, 2024
+ 13 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages